First Last Prev Next    This bug is not in your last search results.
Bug 236880 - [PATCH] Fix NULL bio crash in loop worker thread
[PATCH] Fix NULL bio crash in loop worker thread
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Eric Sandeen
Martin Jenner
:
: 280861 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-04-18 04:21 EDT by Alexey Dobriyan
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RHBA-2007-0959
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 14:47:07 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
[PATCH] Fix NULL bio crash in loop worker thread (545 bytes, patch)
2007-04-18 04:21 EDT, Alexey Dobriyan 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Alexey Dobriyan 2007-04-18 04:21:43 EDT 
Description of problem:

After LOOP_SET_FD/LOOP_CLR_FD combo loop device's queue gets request
handler which is persistent.

After, say

        mount -t iso9660 /dev/loop0 /mnt        # sic

this request handler is called directly with
a) ->lo_state being Lo_unbound
b) ->lo_pending being zero

Error path in loop_make_request() completes ->lo_bh_done completion
which is persistent as well.

Now, let's start worker thread as usual. It'll set ->lo_pending to 1,
don't wait for completion because it was already completed (brokenly),
and will not get out of infinite loop because of ->lo_pending. Loop
device doesn't have bios at this point and triggers BUG_ON.

So, don't complete ->lo_bh_done when loop device isn't setup fully.

How reproducible: always
Steps to Reproduce:

#!/bin/sh -x
ISO=1.iso
mount -o loop $ISO /mnt
umount /mnt
mount -t iso9660 /dev/loop0 /mnt        # sic
mount -o loop $ISO /mnt
  
Actual results: BUG_ON(!bio); in loop_thread triggers
Comment 1 Alexey Dobriyan 2007-04-18 04:21:44 EDT 
Created attachment 152879 [details]
[PATCH] Fix NULL bio crash in loop worker thread
Comment 2 Eric Sandeen 2007-05-31 17:27:52 EDT 
Alexey, has this been sent upstream to lkml?
Comment 3 Alexey Dobriyan 2007-06-01 03:01:02 EDT 
It wasn't sent because bug was accidently fixed during kthread conversion.
See commit 6c9979185c7ef4feeb7f8d29be032b8f032a1838.
Probably, I should sent it to Adrian Bunk...
Comment 4 Eric Sandeen 2007-06-01 10:06:26 EDT 
Thanks Alexey.

-Eric
Comment 5 Eric Sandeen 2007-06-04 15:10:07 EDT 
I see this was sent up for Adrian's tree at http://lkml.org/lkml/2007/6/1/45
Comment 7 RHEL Product and Program Management 2007-06-12 15:59:13 EDT 
This request was evaluated by Red Hat Kernel Team for inclusion in a Red
Hat Enterprise Linux maintenance release, and has moved to bugzilla 
status POST.
Comment 8 Don Zickus 2007-06-15 20:31:52 EDT 
in 2.6.18-27.el5
You can download this test kernel from http://people.redhat.com/dzickus/el5
Comment 10 Michal Schmidt 2007-09-25 09:39:09 EDT 
*** Bug 280861 has been marked as a duplicate of this bug. ***
Comment 12 errata-xmlrpc 2007-11-07 14:47:07 EST 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0959.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.